CLAIMS 

v We claim: 

A \ 1 u . A method of performing network packet filtering, said method 

/ 2 comprising: \ 

3 preprocessing a set of rules to generate a set of rule ranges along N dimensions; 

4 searching s&d rule ranges along said N dimensions in parallel to generate N sets 

5 of possible rules along said N dimensions; 

6 logically combining said N sets of possible rules to generate a final set of possible 
*7 rules; and \ 

8 applying said final set of possible rules. 

1 2. The method as claimed in claim 1 further comprising: 

\ 

2 generating a rule bit vector for each rule range along each of said N dimerisions; 

1 3. The method as claimed in claim 1 further comprising: 

2 generating a^searcffstructure for each set of rule ranges along each of said N 

3 dimensi^^T^^ \^ 

1 4. The method as claimed in claim 3 wherein one of said search 

2 structures comprises a look-up table. 
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5. The method as claimed in claim 3 wherein one of said search 
structures comprises a tree search structure. 



of 



6. The method as claimed in claim 1 wherein applying said final set 
possible rules comprises selecting a highest priority rule in said final set pf possible 



rules. 



7. The method as clamed in claim 1 wherein applying said final set 
of possible rules comprises applying all ri^es in said final set of possible rules. 



8. The method as claimed in claim 1 wherein each of said N sets of 
possible rules comprise a rule bit vector that specifies a set of rules that may apply. 



9. The method as claimed in claim 8 wherein said rule bit vectors are 
logically ANDed together to produce a final bit vector of rules that apply. 
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10. The method as claimed in claim 9 wherein applying said final set 
of possible rules comprises selecting a l^ghest priority rule in said final set of possible 
rules. 
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11. A method of pre-processing a set of rules for processing incoming 
data units, said incoming da^a units having a set of N dimensions to examine, said method 
comprising: 

dividing each of said N\dimensions into a contiguous set of rule ranges; 
assigning each of said rule ranges a range identifier; and 
creating a search structure for each of said N dimensions that organizes said rule 

ranges along each dimension such that an incoming data unit may be quickly 

classified into one of said rule ranges. 




12. The method as claimed in claim 1 1 wherein said range identifier 
comprises a rule bit vector that specifies a set of rules that may apply to incoming data 
units that fall within the associated rule raiige. 



1 13. The method as claimed in\claim 12 wherein said rule bit vectors 

2 are logically ANDed together by a rule processor to produce a final bit vector of rules that 

3 apply. 
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14. The method as claimed in claim 13 wherein said rule processor 
selects a highest priority rule in said final set of possible rules. 

\ ) 



15. The method as claimed in claim 1 1 wherein said range identifier 
comprises an index value. 



16. The method as claimed in claim 15 wherein said index values are 
used by a rule processor to index into a Ntdimensional look-up table for a final rule. 




17. The method as claimed in claim 1 1 wherein one of said search 
structures comprises a look-up table. 



18. The method as claimed in claim 1 1 wherein one of said search 
structures comprises a tree search structure. 
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19. A method of processing incoming data units, said incoming data 
units having a set of N dimensions to examine, said method comprising: 

searching N search structures for said N dimensions in parallel to classify 
incoming data units into a patching rule range along each of said N 
dimensions; 

logically combining said N matching rule ranges to generate a final set of possible 
rules; and 

applying said final set of possible rules. 



20. The method as claimed in claim 19 wherein each rule range 
comprises a range identifier. 




21. The method as claimed in claim 20 wherein said range identifier 
comprises a rule bit vector that specifies a\set of rules that may apply to incoming data 
units that fall within the associated rule range. 



22. The method as claimed in claim 21 wherein said step of logically 
combining said N matching rule ranges comprises logically ANDing together said rule bit 



\ 



vectors to produce a final set of possible rules. 
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23. The method as claimed in claim 22 wherein said applying said 
final set of possible rules comprises selecting a highest priority rule in said final set of 
possible rules. 



24. The method as claimed in claim 20 wherein said range identifier 
comprises an index value. 



25. The method as claimed in claim 20 wherein said index values are 
used to index into a N dimensional look-up tablefor a final rule. 




26. The method as claimed in claim 19 wherein one of said N search 
structures comprises a look-up table. \ 



27. The method as claimed in claim 19 wherein one of said search 
structures comprises a tree search structure. 
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